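# NixOS module: runs Nextcloud (with its own PostgreSQL and Redis) inside an
# Arion/compose container. The container only speaks plain HTTP on port 80;
# TLS is expected to be terminated by a reverse proxy in front of it
# (overwriteProtocol/https/trustedProxies below all assume that).
#
# Security notes for operators:
#  * The admin password is derived deterministically from
#    `config.instance.build-seed` by `stablerandom-passwd-file`. Whatever that
#    helper produces is passed as `source-file`, so it is presumably a Nix store
#    path and therefore world-readable on the building host; the host-secrets
#    machinery is what copies it to the 0400 `target-file` at runtime. Treat the
#    build seed as a secret.
#  * `trustedProxies` tells Nextcloud which peers may set X-Forwarded-* headers
#    (client IP, protocol). Every host in that range can spoof them, so keep the
#    list to the actual proxy address(es) via `trusted-proxies`.
#  * The published port is bound on all interfaces unless `listen-address` is
#    set; behind a reverse proxy, bind it to the proxy-facing address.
{ config, lib, pkgs, ... }@toplevel:
with lib;
let
  cfg = config.services.nextcloudContainer;

  # Hostname of the machine this module is evaluated for -- NOT the public
  # Nextcloud hostname, which is `cfg.hostname`.
  hostname = config.instance.hostname;
  hostSecrets = config.fudo.secrets.host-secrets."${hostname}";

  # Docker/compose `ports` entry: "[host-address:]host-port:container-port".
  # With no listen-address the port is published on every interface.
  publishedPort = let
    hostPort = toString cfg.port;
    bindSpec = if cfg.listen-address == null then
      hostPort
    else
      "${cfg.listen-address}:${hostPort}";
  in "${bindSpec}:80";
in {
  options.services.nextcloudContainer = with types; {
    enable = mkEnableOption "Enable Nextcloud running in an Arion container.";

    state-directory = mkOption {
      type = str;
      description =
        "Directory at which to store server state data (Nextcloud home and PostgreSQL data).";
    };

    store-directory = mkOption {
      type = str;
      description =
        "Directory at which to store bulk cloud data (eg pictures).";
    };

    hostname = mkOption {
      type = str;
      description = "Hostname at which the server is available.";
    };

    package = mkOption {
      type = package;
      description = "NextCloud package to use.";
    };

    extra-apps = mkOption {
      type = attrsOf package;
      description = "Attribute set of other apps (name -> package) to enable.";
      default = { };
    };

    extra-trusted-domains = mkOption {
      type = listOf str;
      description =
        "Additional hostnames Nextcloud accepts requests for, besides `hostname`.";
      default = [ "nextcloud.fudo.org" ];
    };

    trusted-proxies = mkOption {
      type = listOf str;
      description = ''
        Addresses or CIDR ranges allowed to set X-Forwarded-* headers. Any host
        in these ranges can spoof the client IP and protocol seen by Nextcloud,
        so narrow this to the reverse proxy's address(es).
      '';
      default = [ "10.0.0.0/8" ];
    };

    port = mkOption {
      type = port;
      description = "Internal port on which to listen for requests.";
      default = 6093;
    };

    listen-address = mkOption {
      type = nullOr str;
      description = ''
        Host address on which to publish `port`. Null publishes on all
        interfaces; behind a reverse proxy on the same host use 127.0.0.1.
      '';
      default = null;
    };

    timezone = mkOption {
      type = str;
      default = "America/Winnipeg";
    };
  };

  config = mkIf cfg.enable {
    # Host-side directories backing the container volumes. The PostgreSQL path
    # must match the volume mount below (`.../postgresql`); otherwise the
    # directory is created by the container runtime with default permissions
    # instead of the 0750 requested here.
    systemd.tmpfiles.rules = [
      "d ${cfg.state-directory}/nextcloud 0750 root root - -"
      "d ${cfg.state-directory}/postgresql 0750 root root - -"
      "d ${cfg.store-directory} 0750 root root - -"
    ];

    # Admin password, regenerated deterministically from the build seed and
    # installed on the host at target-file; bind-mounted read-only below.
    fudo.secrets.host-secrets."${hostname}" = {
      nextcloudAdminPasswd = {
        source-file =
          pkgs.lib.passwd.stablerandom-passwd-file "nextcloud-admin-passwd"
          config.instance.build-seed;
        target-file = "/run/nextcloud/admin.passwd";
      };
    };

    virtualisation.arion.projects.nextcloud.settings = let
      image = { ... }: {
        project.name = "nextcloud";
        services = {
          # Inner `pkgs`/`lib` are the container's, shadowing the host's.
          nextcloud = { pkgs, lib, ... }: {
            nixos = {
              useSystemd = true;
              configuration = {
                boot.tmpOnTmpfs = true;

                # No NSS modules / nscd inside the container: name resolution
                # goes through the container runtime instead.
                system.nssModules = lib.mkForce [ ];

                # Copy the bind-mounted secret into /etc so it is owned by the
                # nextcloud user and readable only by it.
                environment.etc."nextcloud/admin.passwd" = {
                  source = "/run/nextcloud/admin.passwd";
                  mode = "0400";
                  user = "nextcloud";
                };

                systemd.tmpfiles.rules = [
                  "d /var/lib/nextcloud/data 0700 nextcloud root - -"
                  "d /var/lib/nextcloud/data/config 0700 nextcloud root - -"
                  "d /var/lib/nextcloud/home 0755 nextcloud root - -"
                ];

                services = {
                  nscd.enable = false;
                  postgresql.enable = true;
                  nextcloud = {
                    enable = true;
                    package = cfg.package;
                    hostName = cfg.hostname;
                    home = "/var/lib/nextcloud/home";
                    datadir = "/var/lib/nextcloud/data";
                    webfinger = true;
                    configureRedis = true;
                    extraAppsEnable = true;
                    extraApps = cfg.extra-apps;
                    # NOTE(review): apps come from Nix packages and the app
                    # store is disabled below; confirm autoUpdateApps actually
                    # has anything to update in this setup.
                    autoUpdateApps.enable = true;
                    appstoreEnable = false;
                    enableImagemagick = true;
                    database.createLocally = true;
                    nginx.recommendedHttpHeaders = true;
                    maxUploadSize = "4G";
                    # Nextcloud believes it is served over HTTPS even though the
                    # container listens on plain HTTP: the reverse proxy
                    # terminates TLS and forwards X-Forwarded-Proto.
                    https = true;
                    config = {
                      dbtype = "pgsql";
                      adminpassFile = "/etc/nextcloud/admin.passwd";
                      overwriteProtocol = "https";
                      extraTrustedDomains = cfg.extra-trusted-domains;
                      defaultPhoneRegion = "CA";
                      # Only these peers may set X-Forwarded-* headers; see the
                      # `trusted-proxies` option for why it should be narrow.
                      trustedProxies = cfg.trusted-proxies;
                    };
                    poolSettings = {
                      "pm" = "dynamic";
                      "pm.max_children" = "32";
                      "pm.max_requests" = "500";
                      "pm.max_spare_servers" = "8";
                      "pm.min_spare_servers" = "2";
                      "pm.start_servers" = "6";
                    };
                    phpOptions = {
                      "catch_workers_output" = "yes";
                      "display_errors" = "stderr";
                      "error_reporting" = "E_ALL & ~E_DEPRECATED & ~E_STRICT";
                      # Do not advertise the PHP version in response headers.
                      "expose_php" = "Off";
                      "opcache.enable_cli" = "1";
                      "opcache.fast_shutdown" = "1";
                      "opcache.interned_strings_buffer" = "8";
                      "opcache.max_accelerated_files" = "10000";
                      "opcache.memory_consumption" = "128";
                      "opcache.revalidate_freq" = "1";
                      "openssl.cafile" = "/etc/ssl/certs/ca-certificates.crt";
                      "output_buffering" = "0";
                      "short_open_tag" = "Off";
                      # Long limits to accommodate large (up to 4G) uploads.
                      "max_input_time" = "3600";
                      "max_execution_time" = "3600";
                    };
                  };
                };
              };
            };

            service = {
              restart = "always";
              volumes = [
                "${cfg.state-directory}/nextcloud:/var/lib/nextcloud/home"
                "${cfg.store-directory}:/var/lib/nextcloud/data"
                # Read-only; `Z` gives the mount a private SELinux label.
                "${hostSecrets.nextcloudAdminPasswd.target-file}:/run/nextcloud/admin.passwd:ro,Z"
                "${cfg.state-directory}/postgresql:/var/lib/postgresql"
              ];
              ports = [ publishedPort ];
            };
          };
        };
      };
    in { imports = [ image ]; };
  };
}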